[PATCH] Generic VFS fallback for security xattrs

	Designers of embedded systems may wish to say N here to conserve space.

config DEVPTS_FS_XATTR

	bool "/dev/pts Extended Attributes"

	depends on UNIX98_PTYS

	help

	  Extended attributes are name:value pairs associated with inodes by

	  the kernel or by users (see the attr(5) manual page, or visit

	  <http://acl.bestbits.at/> for details).

	  If unsure, say N.

config DEVPTS_FS_SECURITY

	bool "/dev/pts Security Labels"

	depends on DEVPTS_FS_XATTR

	help

	  Security labels support alternative access control models

	  implemented by security modules like SELinux.  This option

	  enables an extended attribute handler for file security

	  labels in the /dev/pts filesystem.

	  If you are not using a security module that requires using

	  extended attributes for file security labels, say N.

config TMPFS

	bool "Virtual memory file system support (former shm fs)"

	help

	  See <file:Documentation/filesystems/tmpfs.txt> for details.

config TMPFS_XATTR

	bool "tmpfs Extended Attributes"

	depends on TMPFS

	help

	  Extended attributes are name:value pairs associated with inodes by

	  the kernel or by users (see the attr(5) manual page, or visit

	  <http://acl.bestbits.at/> for details).

	  If unsure, say N.

config TMPFS_SECURITY

	bool "tmpfs Security Labels"

	depends on TMPFS_XATTR

	help

	  Security labels support alternative access control models

	  implemented by security modules like SELinux.  This option

	  enables an extended attribute handler for file security

	  labels in the tmpfs filesystem.

	  If you are not using a security module that requires using

	  extended attributes for file security labels, say N.

config HUGETLBFS

	bool "HugeTLB file system support"

	depends X86 || IA64 || PPC64 || SPARC64 || SUPERH || X86_64 || BROKEN

obj-$(CONFIG_UNIX98_PTYS)		+= devpts.o

devpts-$(CONFIG_UNIX98_PTYS)		:= inode.o

devpts-$(CONFIG_DEVPTS_FS_SECURITY)	+= xattr_security.o

#include <linux/mount.h>

#include <linux/tty.h>

#include <linux/devpts_fs.h>

#include <linux/xattr.h>

#define DEVPTS_SUPER_MAGIC 0x1cd1

extern struct xattr_handler devpts_xattr_security_handler;

static struct xattr_handler *devpts_xattr_handlers[] = {

#ifdef CONFIG_DEVPTS_FS_SECURITY

	&devpts_xattr_security_handler,

#endif

	NULL

};

static struct inode_operations devpts_file_inode_operations = {

#ifdef CONFIG_DEVPTS_FS_XATTR

	.setxattr	= generic_setxattr,

	.getxattr	= generic_getxattr,

	.listxattr	= generic_listxattr,

	.removexattr	= generic_removexattr,

#endif

};

static struct vfsmount *devpts_mnt;

static struct dentry *devpts_root;

	s->s_blocksize_bits = 10;

	s->s_magic = DEVPTS_SUPER_MAGIC;

	s->s_op = &devpts_sops;

	s->s_xattr = devpts_xattr_handlers;

	s->s_time_gran = 1;

	inode = new_inode(s);

	inode->i_gid = config.setgid ? config.gid : current->fsgid;

	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;

	init_special_inode(inode, S_IFCHR|config.mode, device);

	inode->i_op = &devpts_file_inode_operations;

	inode->u.generic_ip = tty;

	dentry = get_node(number);

/*

 * Security xattr support for devpts.

 *

 * Author: Stephen Smalley <sds@epoch.ncsc.mil>

 * Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>

 *

 * This program is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License as published by the Free

 * Software Foundation; either version 2 of the License, or (at your option)

 * any later version.

 */

#include <linux/string.h>

#include <linux/fs.h>

#include <linux/security.h>

#include <linux/xattr.h>

static size_t

devpts_xattr_security_list(struct inode *inode, char *list, size_t list_len,

			   const char *name, size_t name_len)

{

	return security_inode_listsecurity(inode, list, list_len);

}

static int

devpts_xattr_security_get(struct inode *inode, const char *name,

			  void *buffer, size_t size)

{

	if (strcmp(name, "") == 0)

		return -EINVAL;

	return security_inode_getsecurity(inode, name, buffer, size);

}

static int

devpts_xattr_security_set(struct inode *inode, const char *name,

			  const void *value, size_t size, int flags)

{

	if (strcmp(name, "") == 0)

		return -EINVAL;

	return security_inode_setsecurity(inode, name, value, size, flags);

}

struct xattr_handler devpts_xattr_security_handler = {

	.prefix	= XATTR_SECURITY_PREFIX,

	.list	= devpts_xattr_security_list,

	.get	= devpts_xattr_security_get,

	.set	= devpts_xattr_security_set,

};

		}

	}

	error = -EOPNOTSUPP;

	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {

	down(&d->d_inode->i_sem);

	error = security_inode_setxattr(d, kname, kvalue, size, flags);

	if (error)

		goto out;

		error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);

	error = -EOPNOTSUPP;

	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {

		error = d->d_inode->i_op->setxattr(d, kname, kvalue,

						   size, flags);

		if (!error) {

			fsnotify_xattr(d);

			security_inode_post_setxattr(d, kname, kvalue, size, flags);

			security_inode_post_setxattr(d, kname, kvalue,

						     size, flags);

		}

	} else if (!strncmp(kname, XATTR_SECURITY_PREFIX,

			    sizeof XATTR_SECURITY_PREFIX - 1)) {

		const char *suffix = kname + sizeof XATTR_SECURITY_PREFIX - 1;

		error = security_inode_setsecurity(d->d_inode, suffix, kvalue,

						   size, flags);

		if (!error)

			fsnotify_xattr(d);

	}

out:

	up(&d->d_inode->i_sem);

	}

	if (kvalue)

		kfree(kvalue);

	return error;

			return -ENOMEM;

	}

	error = -EOPNOTSUPP;

	if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {

	error = security_inode_getxattr(d, kname);

	if (error)

		goto out;

	error = -EOPNOTSUPP;

	if (d->d_inode->i_op && d->d_inode->i_op->getxattr)

		error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);

	else if (!strncmp(kname, XATTR_SECURITY_PREFIX,

			  sizeof XATTR_SECURITY_PREFIX - 1)) {

		const char *suffix = kname + sizeof XATTR_SECURITY_PREFIX - 1;

		error = security_inode_getsecurity(d->d_inode, suffix, kvalue,

						   size);

	}

	if (error > 0) {

		if (size && copy_to_user(value, kvalue, error))

			error = -EFAULT;

		   than XATTR_SIZE_MAX bytes. Not possible. */

		error = -E2BIG;

	}

	}

out:

	if (kvalue)

		kfree(kvalue);

			return -ENOMEM;

	}

	error = -EOPNOTSUPP;

	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {

	error = security_inode_listxattr(d);

	if (error)

		goto out;

	error = -EOPNOTSUPP;

	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {

		error = d->d_inode->i_op->listxattr(d, klist, size);

	} else {

		error = security_inode_listsecurity(d->d_inode, klist, size);

		if (size && error >= size)

			error = -ERANGE;

	}

	if (error > 0) {

		if (size && copy_to_user(list, klist, error))

			error = -EFAULT;

		   than XATTR_LIST_MAX bytes. Not possible. */

		error = -E2BIG;

	}

	}

out:

	if (klist)

		kfree(klist);